enum4linux ⚙️

The Perl script is a powerful tool able to operate recon techniques for , and . It's an alternative to a similar program named (C++) created for Windows systems. Lately, a rewrite of enum4linux in Python has surfaced, called . The enum4linux scripts are mainly wrappers around the Samba tools , , and .

The following techniques can be operated.

Service & port scan (for LDAP(S), SMB, NetBIOS, MS-RPC)
NetBIOS names and workgroup (via )
SMB dialects checks (SMBv1 only or SMBv1 and higher)
RPC sessions checks (checks if the user creds supplied are valid or if works)
Domain information via LDAP (find out whether host is a parent or child DC)
Domain information via RPC ( \pipe\lsarpc for MS-RPC)
OS information via RPC ( \pipe\srvsvc for MS-RPC)
Users, groups, shares, policies, printers, services via RPC
Users, groups and machines via
SMB Share names bruteforcing

All of the techniques mentioned above (except RID cycling) will be operated when running the following command.

enum4linux-ng.py -A $TARGET_IP

RID cycling can be enabled with the -R option.

PreviousMS-RPC NextPassword policy

Last updated 1 year ago

Was this helpful?